Re: [OAUTH-WG] Call for Feedback on draft-ietf-oauth-iss-auth-resp-00
Christian Mainka <Christian.Mainka@rub.de> Mon, 10 May 2021 12:43 UTC
To: rifaat.s.ietf@gmail.com, karsten.meyerzuselhausen@hackmanit.de
Cc: oauth@ietf.org
References: <634f7b10-bb26-e05c-7d79-566c893c32b6@hackmanit.de> <CADNypP_P=bdtSHmX0aM4eK4yw+8n9HYnnS6ERVdOC_x7U3spZw@mail.gmail.com>
From: Christian Mainka <Christian.Mainka@rub.de>
Message-ID: <6096c803-ed87-e14d-83ee-32e8d2da76c5@rub.de>
Date: Mon, 10 May 2021 14:43:11 +0200
In-Reply-To: <CADNypP_P=bdtSHmX0aM4eK4yw+8n9HYnnS6ERVdOC_x7U3spZw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/j1zABw0_P7BFladOTo4KmweL_gU>

Hi,

I read the document, have no concerns, and support it.

Christian

On 01.05.21 22:46, Rifaat Shekh-Yusef wrote:
> All,
>
> We have not seen any comments on this document.
> Can you please review the document and provide feedback, or indicate that
> you have reviewed the document and have no concerns.
>
> Regards,
> Rifaat & Hannes
>
>
> On Thu, Apr 15, 2021 at 3:04 AM Karsten Meyer zu Selhausen <
> karsten.meyerzuselhausen@hackmanit.de> wrote:
>
>> Hi all,
>>
>> the latest version of the security BCP references
>> draft-ietf-oauth-iss-auth-resp-00 as a countermeasure to mix-up attacks.
>>
>> There have not been any concerns with the first WG draft version so far:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/
>>
>> I would like to ask the WG if there are any comments on or concerns with
>> the current draft version.
>>
>> Otherwise I hope we can move forward with the next steps and hopefully
>> finish the draft before/with the security BCP.
>>
>> Best regards,
>> Karsten
>>
>> --
>> Karsten Meyer zu Selhausen
>> Senior IT Security Consultant
>> Phone: +49 (0)234 / 54456499
>> Web: https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training
>>
>> Is your OAuth or OpenID Connect client vulnerable to the severe impacts of mix-up attacks? Learn how to protect your client in our latest blog post on single sign-on: https://www.hackmanit.de/en/blog-en/132-how-to-protect-your-oauth-client-against-mix-up-attacks
>>
>> Hackmanit GmbH
>> Universitätsstraße 60 (Exzenterhaus)
>> 44789 Bochum
>>
>> Registration court: Amtsgericht Bochum, HRB 14896
>> Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Dr. Marcus Niemietz
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

--
Dr.-Ing. Christian Mainka
Horst Görtz Institute for IT-Security
Chair for Network and Data Security
Ruhr University Bochum, Germany

Universitätsstr. 150, ID 2/463
D-44801 Bochum, Germany

Phone: +49 (0) 234 / 32-26796
Fax: +49 (0) 234 / 32-14347
https://nds.rub.de/chair/people/cmainka/
@CheariX